I wrote:
That is exactly the problem with autotools code, almost nobody
understands
what the heck it does, almost everybody just copies and pastes somebody
else's snippet hoping it does not do bad things. And gnulib is a
particularly ugly piece of the puzzle.
PS: Here is a pretty good post summarizing the issues with autotools, both
generally and in the context of the xz vulnerability:
https://felipec.wordpress.com/2024/04/04/xz-backdoor-and-autotools-insanity/
Kevin Kofler